1.1.8.3 Ensure nosuid option set on /dev/shm partition

Audit

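Verify that the nosuid option is set for the /dev/shm mount.

Run the following command to verify that the nosuid mount option is set. The command prints the /dev/shm mount entry when nosuid is present and prints nothing when it is absent.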

Example:

# findmnt --kernel /dev/shm | grep nosuid

Remediation

Edit the /etc/fstab file and add nosuid to the fourth field (mounting options) for the /dev/shm partition. See the fstab(5) manual page for more information.

Run the following command to remount /dev/shm using the updated options from /etc/fstab:

# mount -o remount /dev/shm
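
The audit and remediation above involve two places: the running mount and /etc/fstab. The script below is an added example, not part of the benchmark text; it checks the options field of the /dev/shm entry in both and runs on constructed sample files. The function names has_shm_opt and audit_shm_nosuid are hypothetical, and treating a missing /dev/shm entry as a finding is an assumption.

```shell
#!/bin/sh
# Added example (not benchmark text). Checks the options field (4th column)
# of the /dev/shm entry; /etc/fstab and /proc/self/mounts share that layout.

# has_shm_opt FILE OPTION
# exit 0: option present, 1: /dev/shm entry lacks it, 2: no /dev/shm entry
has_shm_opt() {
    awk -v want="$2" '
        $1 ~ /^#/ || NF < 4 { next }               # comments, blank/short lines
        $2 == "/dev/shm" {                         # last matching entry decides
            found = 1; ok = 0
            n = split($4, opts, ",")               # exact token match, not substring
            for (i = 1; i <= n; i++) if (opts[i] == want) ok = 1
        }
        END { if (!found) exit 2; exit (ok ? 0 : 1) }
    ' "$1"
}

# audit_shm_nosuid [FSTAB] [MOUNTS]: report both views, return 0 only if both pass
audit_shm_nosuid() {
    rc=0
    for f in "${2:-/proc/self/mounts}" "${1:-/etc/fstab}"; do
        has_shm_opt "$f" nosuid && st=0 || st=$?
        case $st in
            0) echo "PASS  $f: nosuid set on /dev/shm" ;;
            1) echo "FAIL  $f: /dev/shm entry lacks nosuid"; rc=1 ;;
            *) echo "FAIL  $f: no /dev/shm entry"; rc=1 ;;   # assumption: a finding
        esac
    done
    return $rc
}

# Constructed sample data: fstab already edited, running mount not yet remounted.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' \
    'tmpfs /dev/shm tmpfs defaults,rw,nosuid,nodev,noexec,relatime 0 0' > "$demo/fstab"
printf '%s\n' 'tmpfs /dev/shm tmpfs rw,nodev,relatime 0 0' > "$demo/mounts"
audit_shm_nosuid "$demo/fstab" "$demo/mounts" || echo "=> remount needed"
```

On a live system, calling audit_shm_nosuid with no arguments reads /etc/fstab and /proc/self/mounts.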